Sciweavers

ESSOS
2010
Springer

Experiences with PDG-Based IFC

14 years 8 months ago
Experiences with PDG-Based IFC
Information flow control systems provide the guarantees that are required in today’s security-relevant systems. While the literature has produced a wealth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language. Previously, we presented the theoretical foundations and algorithms for dependence-graph-based information flow control (IFC). As a complement, this paper presents the implementation and evaluation of our new approach, the first implementation of a dependence-graph based analysis that accepts full Java bytecode. It shows that the security policy can be annotated in a succinct manner; and the evaluation shows that the increased runtime of our analysis—a result of being flow-, context-, and object-sensitive—is mitigated by better analysis results and elevated practicability. Finally, we show that the scalability of our analysis is n...
Christian Hammer
Added 17 Mar 2010
Updated 17 Mar 2010
Type Conference
Year 2010
Where ESSOS
Authors Christian Hammer
Comments (0)